Ask HN: How secure is the JavaScript NPM eco-system?
I feel like security is a big issue for the JS eco-system. Every app replies on at 10 if not more modules. Each of those modules then imports a bunch of other modules. You often end up with 100+ modules in node_modules/
Is this as big an issue as I think it is? Who checks the code? I would love to get HNers view on this.
3 comments
[ 2.7 ms ] story [ 24.5 ms ] threadThis is not specific to NPM. You can ask the same question for any language repository. And the answer will be in the most cases same.
If you use Golang, then you'll mostly be using the stdlib plus some libraries. A much smaller surface area and checking that code becomes more feasible.